A security researcher, Chris Roberts, claimed that in between the year 2012 and 2014 he was able to hijack nearly 15 to 20 flights using the in-flight entertain systems.
Connecting a computer to find the network vulnerabilities and then using them against the computer systems to take over the flight control and thrust management. Roberts admitted about hijacking airplanes to the FBI in the month of February.
The Federal Bureau of Investigation seized all of the belongings of Roberts, including his equipment and computers, to investigate the issue.
The US-based security researcher said that he used to crack open the electronic systems beneath the seats, and then connect his computer to an LAN cable to search for the vulnerabilities.
If found, Roberts then used to use those weaknesses in the flight control system to hijack the entire aircraft, he could have managed the engines, listen to the cockpit conversations and much more sitting in his passenger seat.
FBI confirmed that the flights in which the security researcher travelled were having the case of electronic boxes physically altered. Roberts was also removed from the flight when a report came out that hackers can hijack the planes using the Wi-Fi.
Roberts was interrogated continuously for the month of February and March so as to fix the situation without risking the lives of innocent passengers.
Other security researchers are also claiming the act unethical as it involved risking the lives of hundreds and thousands of innocent passengers flying on those planes, and tweeting the details about it was even worse as it could have resulted in malicious people taking advantage of it to bring the harm.
“Connecting your laptop to an in-flight media system or anything on an actual plane with people on it is not the way to conduct security research,” said Ken Westin, a security analyst from Tripwire.
Security researchers are like those hackers who attack an infrastructure to find the vulnerabilities in it, and a fix for it before anyone else does.
It hence protects and improves the overall security of a product, organization or an infrastructure from blackhats or hackers who intend to bring harm.